From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Jim Hendrick <james.r.hendrick@gmail.com>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Date: Monday, August 13, 2018 at 2:37 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Hosts before DNS

I have used HOST_FROM to get the IP of the sending server. Might help and it saves a name lookup.

I am using the latest version of ose ng, and have an issue I am trying to resolve.  We have hosts that resolve to multiple names via round robin dns.  So ng is capturing logs from all of those, depending on how it was resolved during during the connection.  For those types of hosts, I would like to configure ng to use hosts first, and fall back to dns resolution.   Tried different combinations of configs, but it does not work this way.  It either uses the hosts, or it does dns lookup.  Thanks in advance for any tips on resolving this.

 

Example: 

10.0.0.1 resolve to www, app1, ftp

I want to call it webserver in /etc/hosts, and if the entry matches, ng would just use that name.  

right now it creates 3 separate log files for the same host based on the name it's able to resolve at lookup.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq